getting rid of blowfishes

L. Sassaman
Sun, 30 Apr 2000 16:45:01 -0700 (PDT)

Hash: SHA1

On Sun, 30 Apr 2000, Werner Koch wrote:

> On Thu, 27 Apr 2000, Pete Chown wrote:
> > I thought GnuPG now avoided all the known problems with ElGamal
> > signing. Is this not the case?
> ElGamal S+E keys are fully OpenPGP compatible and GnuPG avoids the
> problems. I don't suggest to use them, however some folks feel like
> it is a good idea to have a fallback algorithm.
I didn't mean to sound like I was saying it wasn't OpenPGP compatable. I just don't think it is advisable to use them, as you say. Having a fall back algorithm is a good idea... I just worry that people see it and decide to use it, not knowing any of the issues involved.
> Blowfish is a well respected algorithm and has been used by the first
> PGP 5 version. It is faster than CAST-5 and OpenPGP compatible.
> Twofish is not yet OpenPGP and not in wide use mainly because NAI
> refused to accept most OpenGPG WG suggestions because they don't want
> to implement it in their product.
Well, let's not be so harsh with the suppositions here. I think you will be pleasantly surprised with 7.0.
> GnuPG is not PGP nor an NAI product but an OpenPGP implementation; so
> there is no reason to head for PGP x.x compatibilty. NAI is selling a
> proprietary product - GnuPG is free software. The GNU project is
> doing software to create a free operating system and not to compete
> with proprietary products. If NAI wants to be compatible to GnuPG,
> they should fix PGP: I guess they have far more developers than we.
I have to disagree slightly with this. I think it is important for both the PGP developers and the GnuPG developers to strive for compatability with each other's product. Fragmenting the OpenPGP community is not a good thing, for anyone involved. - --Len. __ L. Sassaman System Administrator | Technology Consultant | "To hold a pen is to be at war." icq.. 10735603 | pgp.. finger:// | --Voltaire -----BEGIN PGP SIGNATURE----- Comment: OpenPGP Encrypted Email Preferred. iD8DBQE5DMWFPYrxsgmsCmoRAiC1AJ9Exf45gVh/b03RtBhA0FvVYUr6SwCg420O vBs0dO75rmwoch0P58CLvl4= =1Cwp -----END PGP SIGNATURE-----